SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2401-1 Rating: important References: #960317 Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - CVE-2015-8644: Type confusion vulnerability that could lead to code execution . - CVE-2015-8651: Integer overflow vulnerability that could lead to code execution. - CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution. - CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2015-1033=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-1033=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1033=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1033=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.559-117.1 flash-player-gnome-11.2.202.559-117.1 References: https://www.suse.com/security/cve/CVE-2015-8459.html https://www.suse.com/security/cve/CVE-2015-8460.html https://www.suse.com/security/cve/CVE-2015-8634.html https://www.suse.com/security/cve/CVE-2015-8635.html https://www.suse.com/security/cve/CVE-2015-8636.html https://www.suse.com/security/cve/CVE-2015-8638.html https://www.suse.com/security/cve/CVE-2015-8639.html https://www.suse.com/security/cve/CVE-2015-8640.html https://www.suse.com/security/cve/CVE-2015-8641.html https://www.suse.com/security/cve/CVE-2015-8642.html https://www.suse.com/security/cve/CVE-2015-8643.html https://www.suse.com/security/cve/CVE-2015-8644.html https://www.suse.com/security/cve/CVE-2015-8645.html https://www.suse.com/security/cve/CVE-2015-8646.html https://www.suse.com/security/cve/CVE-2015-8647.html https://www.suse.com/security/cve/CVE-2015-8648.html https://www.suse.com/security/cve/CVE-2015-8649.html https://www.suse.com/security/cve/CVE-2015-8650.html https://www.suse.com/security/cve/CVE-2015-8651.html https://bugzilla.suse.com/960317 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org